Revision 5fafdf24 qemu-tech.texi
| b/qemu-tech.texi | ||
|---|---|---|
| 50 | 50 |
|
| 51 | 51 |
@itemize @minus |
| 52 | 52 |
|
| 53 |
@item
|
|
| 53 |
@item |
|
| 54 | 54 |
Full system emulation. In this mode, QEMU emulates a full system |
| 55 | 55 |
(usually a PC), including a processor and various peripherals. It can |
| 56 | 56 |
be used to launch an different Operating System without rebooting the |
| 57 | 57 |
PC or to debug system code. |
| 58 | 58 |
|
| 59 |
@item
|
|
| 59 |
@item |
|
| 60 | 60 |
User mode emulation (Linux host only). In this mode, QEMU can launch |
| 61 | 61 |
Linux processes compiled for one CPU on another CPU. It can be used to |
| 62 | 62 |
launch the Wine Windows API emulator (@url{http://www.winehq.org}) or
|
| ... | ... | |
| 69 | 69 |
|
| 70 | 70 |
QEMU generic features: |
| 71 | 71 |
|
| 72 |
@itemize
|
|
| 72 |
@itemize |
|
| 73 | 73 |
|
| 74 | 74 |
@item User space only or full system emulation. |
| 75 | 75 |
|
| ... | ... | |
| 81 | 81 |
|
| 82 | 82 |
@item Precise exceptions support. |
| 83 | 83 |
|
| 84 |
@item The virtual CPU is a library (@code{libqemu}) which can be used
|
|
| 84 |
@item The virtual CPU is a library (@code{libqemu}) which can be used
|
|
| 85 | 85 |
in other projects (look at @file{qemu/tests/qruncom.c} to have an
|
| 86 | 86 |
example of user mode @code{libqemu} usage).
|
| 87 | 87 |
|
| 88 | 88 |
@end itemize |
| 89 | 89 |
|
| 90 | 90 |
QEMU user mode emulation features: |
| 91 |
@itemize
|
|
| 91 |
@itemize |
|
| 92 | 92 |
@item Generic Linux system call converter, including most ioctls. |
| 93 | 93 |
|
| 94 | 94 |
@item clone() emulation using native CPU clone() to use Linux scheduler for threads. |
| 95 | 95 |
|
| 96 |
@item Accurate signal handling by remapping host signals to target signals.
|
|
| 96 |
@item Accurate signal handling by remapping host signals to target signals. |
|
| 97 | 97 |
@end itemize |
| 98 | 98 |
|
| 99 | 99 |
QEMU full system emulation features: |
| 100 |
@itemize
|
|
| 100 |
@itemize |
|
| 101 | 101 |
@item QEMU can either use a full software MMU for maximum portability or use the host system call mmap() to simulate the target MMU. |
| 102 | 102 |
@end itemize |
| 103 | 103 |
|
| ... | ... | |
| 106 | 106 |
|
| 107 | 107 |
QEMU x86 target features: |
| 108 | 108 |
|
| 109 |
@itemize
|
|
| 109 |
@itemize |
|
| 110 | 110 |
|
| 111 |
@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation.
|
|
| 111 |
@item The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation. |
|
| 112 | 112 |
LDT/GDT and IDT are emulated. VM86 mode is also supported to run DOSEMU. |
| 113 | 113 |
|
| 114 | 114 |
@item Support of host page sizes bigger than 4KB in user mode emulation. |
| 115 | 115 |
|
| 116 | 116 |
@item QEMU can emulate itself on x86. |
| 117 | 117 |
|
| 118 |
@item An extensive Linux x86 CPU test program is included @file{tests/test-i386}.
|
|
| 118 |
@item An extensive Linux x86 CPU test program is included @file{tests/test-i386}.
|
|
| 119 | 119 |
It can be used to test other x86 virtual CPUs. |
| 120 | 120 |
|
| 121 | 121 |
@end itemize |
| 122 | 122 |
|
| 123 | 123 |
Current QEMU limitations: |
| 124 | 124 |
|
| 125 |
@itemize
|
|
| 125 |
@itemize |
|
| 126 | 126 |
|
| 127 | 127 |
@item No SSE/MMX support (yet). |
| 128 | 128 |
|
| ... | ... | |
| 130 | 130 |
|
| 131 | 131 |
@item IPC syscalls are missing. |
| 132 | 132 |
|
| 133 |
@item The x86 segment limits and access rights are not tested at every
|
|
| 133 |
@item The x86 segment limits and access rights are not tested at every |
|
| 134 | 134 |
memory access (yet). Hopefully, very few OSes seem to rely on that for |
| 135 | 135 |
normal use. |
| 136 | 136 |
|
| 137 |
@item On non x86 host CPUs, @code{double}s are used instead of the non standard
|
|
| 137 |
@item On non x86 host CPUs, @code{double}s are used instead of the non standard
|
|
| 138 | 138 |
10 byte @code{long double}s of x86 for floating point emulation to get
|
| 139 | 139 |
maximum performances. |
| 140 | 140 |
|
| ... | ... | |
| 185 | 185 |
|
| 186 | 186 |
@itemize |
| 187 | 187 |
|
| 188 |
@item Full PowerPC 32 bit emulation, including privileged instructions,
|
|
| 188 |
@item Full PowerPC 32 bit emulation, including privileged instructions, |
|
| 189 | 189 |
FPU and MMU. |
| 190 | 190 |
|
| 191 | 191 |
@item Can run most PowerPC Linux binaries. |
| ... | ... | |
| 207 | 207 |
|
| 208 | 208 |
Current QEMU limitations: |
| 209 | 209 |
|
| 210 |
@itemize
|
|
| 210 |
@itemize |
|
| 211 | 211 |
|
| 212 | 212 |
@item IPC syscalls are missing. |
| 213 | 213 |
|
| ... | ... | |
| 306 | 306 |
instructions to build a function (see @file{op.h:dyngen_code()}).
|
| 307 | 307 |
|
| 308 | 308 |
In essence, the process is similar to [1], but more work is done at |
| 309 |
compile time.
|
|
| 309 |
compile time. |
|
| 310 | 310 |
|
| 311 | 311 |
A key idea to get optimal performances is that constant parameters can |
| 312 | 312 |
be passed to the simple operations. For that purpose, dummy ELF |
| ... | ... | |
| 398 | 398 |
|
| 399 | 399 |
Correct translated code invalidation is done efficiently by maintaining |
| 400 | 400 |
a linked list of every translated block contained in a given page. Other |
| 401 |
linked lists are also maintained to undo direct block chaining.
|
|
| 401 |
linked lists are also maintained to undo direct block chaining. |
|
| 402 | 402 |
|
| 403 | 403 |
Although the overhead of doing @code{mprotect()} calls is important,
|
| 404 | 404 |
most MSDOS programs can be emulated at reasonnable speed with QEMU and |
| ... | ... | |
| 418 | 418 |
@section Exception support |
| 419 | 419 |
|
| 420 | 420 |
longjmp() is used when an exception such as division by zero is |
| 421 |
encountered.
|
|
| 421 |
encountered. |
|
| 422 | 422 |
|
| 423 | 423 |
The host SIGSEGV and SIGBUS signal handlers are used to get invalid |
| 424 | 424 |
memory accesses. The exact CPU state can be retrieved because all the |
| ... | ... | |
| 446 | 446 |
|
| 447 | 447 |
In order to avoid flushing the translated code each time the MMU |
| 448 | 448 |
mappings change, QEMU uses a physically indexed translation cache. It |
| 449 |
means that each basic block is indexed with its physical address.
|
|
| 449 |
means that each basic block is indexed with its physical address. |
|
| 450 | 450 |
|
| 451 | 451 |
When MMU mappings change, only the chaining of the basic blocks is |
| 452 | 452 |
reset (i.e. a basic block can no longer jump directly to another one). |
| ... | ... | |
| 525 | 525 |
|
| 526 | 526 |
@table @asis |
| 527 | 527 |
|
| 528 |
@item [1]
|
|
| 528 |
@item [1] |
|
| 529 | 529 |
@url{http://citeseer.nj.nec.com/piumarta98optimizing.html}, Optimizing
|
| 530 | 530 |
direct threaded code by selective inlining (1998) by Ian Piumarta, Fabio |
| 531 | 531 |
Riccardi. |
| ... | ... | |
| 552 | 552 |
Willows Software. |
| 553 | 553 |
|
| 554 | 554 |
@item [7] |
| 555 |
@url{http://user-mode-linux.sourceforge.net/},
|
|
| 555 |
@url{http://user-mode-linux.sourceforge.net/},
|
|
| 556 | 556 |
The User-mode Linux Kernel. |
| 557 | 557 |
|
| 558 | 558 |
@item [8] |
| 559 |
@url{http://www.plex86.org/},
|
|
| 559 |
@url{http://www.plex86.org/},
|
|
| 560 | 560 |
The new Plex86 project. |
| 561 | 561 |
|
| 562 | 562 |
@item [9] |
| 563 |
@url{http://www.vmware.com/},
|
|
| 563 |
@url{http://www.vmware.com/},
|
|
| 564 | 564 |
The VMWare PC virtualizer. |
| 565 | 565 |
|
| 566 | 566 |
@item [10] |
| 567 |
@url{http://www.microsoft.com/windowsxp/virtualpc/},
|
|
| 567 |
@url{http://www.microsoft.com/windowsxp/virtualpc/},
|
|
| 568 | 568 |
The VirtualPC PC virtualizer. |
| 569 | 569 |
|
| 570 | 570 |
@item [11] |
| 571 |
@url{http://www.twoostwo.org/},
|
|
| 571 |
@url{http://www.twoostwo.org/},
|
|
| 572 | 572 |
The TwoOStwo PC virtualizer. |
| 573 | 573 |
|
| 574 | 574 |
@end table |
Also available in: Unified diff